On Sat, 7 Dec 2024, Daniel Stenberg wrote:

> On Sat, 7 Dec 2024, Scott Talbert via curl-library wrote:
>
>> 1) Extend the ca-embed functionality so that it works with libcurl and the
>> CA store could be bundled with libcurl. Is there a reason ca-embed was
>> restricted to just the curl tool?
>
> I argued for the logic to be done in the tool, because I don't think it is
> necessary for the library to do it. A bundled CA store is complicated already
> as it forces you to update the application regularly instead of just updating
> an external text file.
>
> After all, it is ultimately the user of the library that decides what CA
> store to use and the application is the user.
>
> If you want this functionality for your application, you can just do the same
> as the curl tool does. libcurl provides the APIs that make it possible.
>
>> 2) Implement some sort of runtime CA bundle auto-detection, similar to the
>> compile-time one. It seems there is already support for this on Windows,
>> but similarly only with the curl tool.
>
> Why do this in libcurl when you can with less effort do that logic in your
> application? Then you can make it work exactly the way you want it to,
> without having to care about others.

Calling pycurl an application is a bit of a stretch, but I suppose from
libcurl's perspective, everything is an application. :)

Initially, I wasn't thinking it would be possible to do runtime CA bundle
auto-detection in a way that's transparent to end users of pycurl, but
after looking at how libcurl handles CURL_CA_BUNDLE (it seems to
ultimately do what setting CURLOPT_CAINFO does), I think it should be fine
for pycurl to set CURLOPT_CAINFO before handing over the handle to the end
user.

Thanks,
Scott
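
Runtime CA bundle detection done on the application side, with the result applied through CURLOPT_CAINFO as discussed in this thread, could look like the sketch below. It is an added example, not code from pycurl, libcurl or either poster; the candidate paths, the function names and the choice to treat an unusable CURL_CA_BUNDLE as an error are assumptions.

```python
import os

# Assumed candidate paths (common distro defaults; not taken from this thread).
CANDIDATES = (
    "/etc/ssl/certs/ca-certificates.crt",  # Debian, Ubuntu
    "/etc/pki/tls/certs/ca-bundle.crt",    # Fedora, RHEL
    "/etc/ssl/ca-bundle.pem",              # openSUSE
    "/etc/ssl/cert.pem",                   # Alpine, macOS, BSDs
)
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def looks_like_bundle(path):
    """True if path is a readable regular file holding at least one PEM cert header."""
    try:
        if not os.path.isfile(path):
            return False
        with open(path, "rb") as fh:
            return any(line.startswith(PEM_MARKER) for line in fh)
    except OSError:
        return False


def find_ca_bundle(env=None, candidates=CANDIDATES):
    """Return a bundle path, or None when no candidate is usable."""
    env = os.environ if env is None else env
    override = env.get("CURL_CA_BUNDLE")
    if override:
        # Assumption: an explicit but unusable override is an error, so a typo
        # never silently switches the process to a different trust store.
        if not looks_like_bundle(override):
            raise ValueError("CURL_CA_BUNDLE is not a PEM bundle: %r" % override)
        return override
    return next((p for p in candidates if looks_like_bundle(p)), None)


def apply_ca_bundle(handle, cainfo_opt, env=None, candidates=CANDIDATES):
    """Set CAINFO on a curl handle before it is handed to the caller.

    With pycurl: apply_ca_bundle(pycurl.Curl(), pycurl.CAINFO).
    When nothing is found the handle is left untouched, so libcurl's
    build-time default still applies; verification is never turned off.
    """
    path = find_ca_bundle(env, candidates)
    if path is not None:
        handle.setopt(cainfo_opt, path)
    return path
```

The check only confirms that a file carries a PEM certificate header; whether the certificates in it are current is still up to whoever maintains that file.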